About Test Connection
When adding an asset, Test Connection verifies that Safeguard for Privileged Passwords can log into the asset using the service account credentials that you have provided.
When adding an asset that requires an SSH host key, Test Connection first discovers the key and presents it to you for acceptance. When you accept it, Test Connection then verifies that Safeguard for Privileged Passwords can log into the asset using the service account credentials that you have provided.
Once you save the new asset, Safeguard for Privileged Passwords saves the service account credentials. Safeguard for Privileged Passwords uses these credentials to connect to an asset to securely manage accounts and passwords on that asset. For more information, see About service accounts.
If you want to verify an existing asset's connectivity, use the Check Connection right-click command. For more information, see Checking an asset's connectivity.
Related Topics
SSH Key
You can configure Safeguard for Privileged Passwords to authenticate to a managed system using an SSH authentication key. Safeguard for Privileged Passwords will not rotate SSH Keys unless you select the Manage SSH Key option in the asset's profile change schedule. For more information, see Adding change password settings.
|
|
Note: This option is not available for all operating systems. But if a Safeguard for Privileged Passwords asset requires an SSH host key and does not have one, Check Password, Change Password, and Test Connection will fail. For more information, see Connectivity failures. |
| Property | Description | ||
|---|---|---|---|
| Automatically Generate the SSH Key |
Select this option to have Safeguard for Privileged Passwords generate the SSH authentication key. | ||
| Manually Deploy the SSH Key |
When you select Automatically Generate the SSH Key, Safeguard for Privileged Passwords allows you to select this option so that you can manually append this public key to the authorized keys file on the managed system for the service account. For more information, see Downloading a public SSH key. The SSH authentication key becomes available after Safeguard for Privileged Passwords creates the asset.
| ||
| Import and Manually Deploy the SSH Key |
Select this option, then Browse to import an SSH authentication key. For more information, see Importing an SSH key. | ||
| Key Comment |
(Optional) Enter a description of this SSH key. | ||
| Service Account Name |
Enter the service account name that Safeguard for Privileged Passwords is to use for management tasks. This is the account Safeguard for Privileged Passwords uses to install the SSH authentication key on the asset. For more information, see About service accounts. Required | ||
| Service Account Password |
If not importing the SSH authentication key, then you must enter the service account password Safeguard for Privileged Passwords needs to authenticate to this managed system. Limit: 255 characters Required | ||
| Privilege Elevation Command |
If required, enter a privilege elevation command (such as sudo). This is used as a prefix for commands that require privileged access on the system and to manage accounts on Unix-based systems; that is, to check and change passwords and to discover accounts. When adding an asset, Safeguard for Privileged Passwords uses this command to perform Test Connection. For more information, see About Test Connection. To enable Safeguard for Privileged Passwords to elevate the privileges of the service account, assign the asset to the scope of a partition profile that has the privilege elevation command defined. For more information, see Creating a partition profile. The privilege elevation command must run non-interactively, that is, without prompting for a password. For more information, see Prepare Unix-based systems. Unix-based systems; that is, to check and change passwords and to discover accounts. Limit: 255 characters | ||
| Test Connection |
Click this button to verify that Safeguard for Privileged Passwords can log into this asset using the service account credentials you have provided. For more information, see About Test Connection. | ||
|
Service Account Profile |
Click  Edit to add the profile or — Remove to delete the assigned profile. Available profiles are based on the partition selected on the General tab (asset discovery). To update the profile later, go to the service account and update the Profile. For more information, see General tab (account). | ||
| Auto Accept SSH Host Key |
Select this option to have Safeguard for Privileged Passwords automatically accept the SSH host key when it creates the Safeguard for Privileged Passwords asset. When this option is selected, Safeguard for Privileged Passwords displays the thumbprint of the SSH host key that was discovered. When a managed system requiring an SSH host key does not have one, Check Password will fail. For more information, see Connectivity failures. | ||
| Port |
Enter the port number used by SSH to log into the managed system. Required | ||
| Connection Timeout |
Enter the command timeout period. This option applies only to platforms that use telnet or SSH. Default: 20 seconds |
Importing an SSH key
When you add an asset using the SSH Key authentication type, Safeguard for Privileged Passwords gives you the option to Use an Imported SSH Key.
To import an SSH Key
- Click
Add Asset from the toolbar to add an asset.
- In the Connection tab,
- Authentication type: Select SSH Key.
- SSH Key Generation and Deployment Settings: Select Import and Manually Deploy SSH Key.
- Browse to select an SSH key.
- In the SSH Key dialog, click
Import an SSH Key.
- In the Import an SSH Key dialog, specify the following information:
- Private Key File: Browse to select a private key file.
- Key Comment: Enter a comment regarding the key.
- Click Import.
Directory Account
You can configure Safeguard for Privileged Passwords to authenticate to a managed system using an account from an external identity store such as Microsoft Active Directory. In order to use this authentication type, you must first add a directory asset to Safeguard for Privileged Passwords and add domain user accounts. For more information, see Accounts.
| Property | Description |
|---|---|
| Service Account Name |
Click Select Account. Choose the service account name used for management tasks. The accounts available for selection are domain user accounts that are linked to a directory that was previously added to Safeguard for Privileged Passwords. |
|
Service Account Password |
If required, enter the password used to authenticate. |
| Privilege Elevation Command |
If required, enter a privilege elevation command (such as sudo). This is used as a prefix for commands that require privileged access on the system and to manage accounts on Unix-based systems; that is, to check and change passwords and to discover accounts. When adding an asset, Safeguard for Privileged Passwords uses this command to perform Test Connection. For more information, see About Test Connection. To enable Safeguard for Privileged Passwords to elevate the privileges of the service account, assign the asset to the scope of a partition profile that has the privilege elevation command defined. For more information, see Creating a partition profile. The privilege elevation command must run non-interactively, that is, without prompting for a password. For more information, see Prepare Unix-based systems. Unix-based systems; that is, to check and change passwords and to discover accounts. Limit: 255 characters |
| Test Connection |
Click this button to verify that Safeguard for Privileged Passwords can log into this asset using the service account credentials you have provided. For more information, see About Test Connection. |
|
Service Account Profile |
Edit to add the profile or — Remove to delete the assigned profile. Available profiles are based on the partition selected on the General tab (asset discovery). To update the profile later, go to the service account and update the Profile. For more information, see General tab (account). |
|
Use Named Pipe for service account connection |
Select to use the Named Pipe when connecting to the asset. Clear this check box to use TCP/IP when connecting to the asset. |
| Use SSL Encryption |
Select this option to enable Safeguard to encrypt communication with this asset. If you do not select this option for a MicrosoftSQL Server that is configured to Force Encryption, Test Connection will use untrusted encryption and succeed with valid credentials. For more information about how Safeguard database servers use SSL, see How do Safeguard for Privileged Passwords database servers use SSL |
| Verify SSL Certificate |
Use this option to enable or disable SSL Certificate verification on the asset. When enabled, Safeguard for Privileged Passwords compares the signing authority of the certificate presented by the asset to the certificates in the Trusted Certificates store every time Safeguard for Privileged Passwords connects to the asset. Trust must be established for Safeguard for Privileged Passwords to manage the asset. For Safeguard for Privileged Passwords to verify an SSL certificate, you must add the asset's signing authority certificate to the Trusted Certificates store. Only clear the Verify SSL Certificate option if you do not want to establish trust with the asset’s |
| Privilege Level Password | If required, enter the system enable password to allow access to the Cisco configuration. |
| Auto Accept SSH Host Key |
Select this option to have Safeguard for Privileged Passwords automatically accept an SSH host key. When an asset requiring an SSH host key does not have one, Check Password will fail. For more information, see Connectivity failures. |
| Instance |
Specify the Instance name if you have configured multiple instances of a SQL Server on this asset. If you have configured a default (unnamed) instance of the SQL Server on the host, you need to provide the IP address and port number. |
| Port |
Enter the port number to log into the asset. This option is not available for all operating systems. |
| Connection Timeout |
Enter the directory connection timeout period. Default: 20 seconds |